Systems and methods for securely booting a computer with a trusted processing module

US 7,725,703 B2
Filed: 01/07/2005
Issued: 05/25/2010
Est. Priority Date: 01/07/2005
Status: Active Grant

First Claim

Patent Images

1. A computer readable storage medium bearing instructions for a secure boot process on a computer with a hardware security module (HSM) that contains recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values are correct, said computer readable medium comprising:

instructions for submitting at least one value to the HSM, wherein if said at least one value is correct, the HSM releases a first secret;

instructions for retrieving the first secret;

instructions for decrypting data using information that is accessible due to retrieving of the first secret, wherein the execution of said instructions for decrypting produces decrypted data;

instructions for at least a portion of a computer boot process, wherein said computer boot process cannot complete a normal boot without said decrypted data; and

instructions for submitting at least one replacement value to the HSM to replace the at least one value, wherein said at least one replacement value revokes access to said first secret and, if said replacement value is correct, the HSM releases a second secret required to continue the normal boot.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows a TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypted boot component may then be calculated and the result can be placed in a PCR. The PCRs may then be compared. If they do not, access to the an important secret for system operation can be revoked. Also, a first secret may be accessible only when a first plurality of PCR values are extant, while a second secret is accessible only after one or more of the first plurality of PCR values has been replaced with a new value, thereby necessarily revoking further access to the first secret in order to grant access to the second secret.

Citations

20 Claims

1. A computer readable storage medium bearing instructions for a secure boot process on a computer with a hardware security module (HSM) that contains recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values are correct, said computer readable medium comprising:
- instructions for submitting at least one value to the HSM, wherein if said at least one value is correct, the HSM releases a first secret;
  
  instructions for retrieving the first secret;
  
  instructions for decrypting data using information that is accessible due to retrieving of the first secret, wherein the execution of said instructions for decrypting produces decrypted data;
  
  instructions for at least a portion of a computer boot process, wherein said computer boot process cannot complete a normal boot without said decrypted data; and
  
  instructions for submitting at least one replacement value to the HSM to replace the at least one value, wherein said at least one replacement value revokes access to said first secret and, if said replacement value is correct, the HSM releases a second secret required to continue the normal boot.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer readable storage medium of claim 1, wherein the HSM is a trusted platform module (TPM), and the at least one value and the at least one replacement value are placed in at least one platform configuration register (PCR).
  - 3. The computer readable storage medium of claim 1 wherein the decrypted data comprises a software component used in the computer boot process.
  - 4. The computer readable storage medium of claim 1 wherein the decrypted data comprises information which a software component used in the computer boot process requires in order to continue the computer process.
  - 5. The computer readable storage medium of claim 1 wherein the decrypted data comprises information which is required in order to access data stored on a computer readable medium.
  - 6. The computer readable storage medium of claim 1, further comprising instructions for removing the first secret from memory.

7. A computer comprising a hardware security module (HSM) that contains recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values are correct, said computer also comprising:
- means for submitting at least one value to the HSM, wherein if said at least one value is correct, the HSM releases a first secret;
  
  means for retrieving the first secret;
  
  means for decrypting data using information that is accessible due to retrieving of the first secret, wherein the operation of said means for decrypting produces decrypted data;
  
  means comprising at least a portion of a computer boot process, wherein said computer boot process cannot complete a normal boot without said decrypted data; and
  
  means for submitting at least one replacement value to the HSM to replace the at least one value, wherein said at least one replacement value revokes access to said first secret and, if said replacement value is correct, the HSM releases a second secret required to continue the normal boot.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer of claim 7, wherein the HSM is a trusted platform module (TPM) and the at least one value and the at least one replacement value are placed in a platform configuration register (PCR).
  - 9. The computer of claim 7, wherein the decrypted data comprises a software component used in the computer boot process.
  - 10. The computer of claim 7, wherein the decrypted data comprises information which a software component used in the computer boot process requires in order to continue the computer process.
  - 11. The computer of claim 7, wherein the decrypted data comprises information which is required in order to access data stored on a computer readable medium.
  - 12. The computer of claim 7, further comprising means for removing the first secret from memory.

13. A computer readable storage medium bearing instructions for a secure boot process on a computer with a plurality of partitions and a hardware security module (HSM) that contains recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values are correct, said computer readable medium comprising:
- instructions for submitting at least one value to the HSM, wherein if said at least one value is correct, the HSM releases a first secret;
  
  instructions for retrieving the first secret;
  
  instructions for removing the first secret from a memory location;
  
  instructions for submitting at least one second value to the HSM, wherein if said second value is correct, the HSM releases a second secret and not the first secret.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer readable storage medium of claim 13, wherein the HSM is a trusted platform module (TPM) and the at least one value and the at least one second value is placed in a platform configuration register (PCR).
  - 15. The computer readable storage medium of claim 13, further comprising instructions for at least a portion of a computer boot process, wherein said computer boot process cannot complete a normal boot without the first secret.
  - 16. The computer readable storage medium of claim 13 wherein the second secret is required in order to access substantially all data stored on at least one partition of a computer readable medium.
  - 17. The computer readable storage medium of claim 13 wherein the first value comprises a hash of a software component used in a computer boot process.
  - 18. The computer readable storage medium of claim 13 wherein the second value comprises a hash of a decryption key.
  - 19. The computer readable storage medium of claim 13 wherein at least one of the first secret and the second secret is a Binary Large Object (BLOB).
  - 20. The computer readable storage medium of claim 13 wherein at least one of the first secret and the second secret is a decryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ray, Kenneth D, Schwartz, Jonathan, England, Paul, Thom, Stefan, Hunter, Jamie, Schwartz, James Anthony Jr., Humphries, Russell
Primary Examiner(s)
Kim; Jung
Assistant Examiner(s)
Okeke; Izunna

Application Number

US11/031,161
Publication Number

US 20060155988A1
Time in Patent Office

1,964 Days
Field of Search

726/4, 726/29, 726/34, 380/259, 713/193, 713/100, 713/170, 713/181, 713/2
US Class Current

713/2
CPC Class Codes

G06F 21/575 Secure boot

Systems and methods for securely booting a computer with a trusted processing module

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for securely booting a computer with a trusted processing module

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links